CVE-2025-38162
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38162
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38162.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-38162
- Downstream
- Related
- Published
- 2025-07-03T08:36:03.731Z
- Modified
- 2025-11-20T09:18:20.789280Z
- Summary
- netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nftsetpipapo: prevent overflow in lookup table allocation
When calculating the lookup table size, ensure the following multiplication does not overflow:
- desc->fieldlen[] maximum value is U8MAX multiplied by NFTPIPAPOGROUPSPERBYTE(f) that can be 2, worst case.
- NFTPIPAPOBUCKETS(f->bb) is 2^8, worst case.
- sizeof(unsigned long), from sizeof(*f->lt), lt in struct nftpipapofield.
Then, use checkmuloverflow() to multiply by bucket size and then use checkaddoverflow() to the alignment for avx2 (if needed). Finally, add ltsizecheck_overflow() helper and use it to consolidate this.
While at it, replace leftover allocation using the GFPKERNEL to GFPKERNELACCOUNT for consistency, in pipaporesize().
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3c4287f62044a90e73a561aa05fc46e62da173daFixedc1360ac8156c0a3f2385baef91d8d26fd9d39701
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3c4287f62044a90e73a561aa05fc46e62da173daFixed43fe1181f738295624696ae9ff611790edb65b5e
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced3c4287f62044a90e73a561aa05fc46e62da173daFixed4c5c6aa9967dbe55bd017bb509885928d0f31206
Affected versions
v5.*
v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.5
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8
v6.*
v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.2
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-38162-0b576983",
"signature_version": "v1",
"digest": {
"length": 1704.0,
"function_hash": "10484616119870373284825762057719111497"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1360ac8156c0a3f2385baef91d8d26fd9d39701",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_clone"
}
},
{
"id": "CVE-2025-38162-28fe4abf",
"signature_version": "v1",
"digest": {
"length": 1243.0,
"function_hash": "282256062669604435482398899737172746480"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c5c6aa9967dbe55bd017bb509885928d0f31206",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_lt_bits_adjust"
}
},
{
"id": "CVE-2025-38162-3fce130d",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47031443914430254782500187522342161505",
"94128435079666963118118472104797799017",
"96197063171864025831297877754423155906",
"211140172841165065326019271083771083062",
"196705115443594863606435985360731039917",
"98705710866201618642376661765255332622",
"69921373475410849834243898048767327807",
"55880073047885693814584478888407258600",
"297335579387732642326199436133657107612",
"289262110380547681868225714002637579985",
"130476969428518916311882423520725718698",
"177562650002653301947251715891015557936",
"63227164133102120211005063543353742796",
"277566344774314265855952734675290752110",
"168016280425539567883566292713427199507",
"319578041350987847393148730857649731822",
"299749741874453746418075103738115550440",
"175304975000563043959904823288873484477",
"89663411175766884225939955278218241732",
"178100301154543907868248150478054438469",
"222932704118727840880867848546011893547",
"120503928697476429215686218309212796132",
"330097470606212084726960793637149931417",
"334958666871159397746185347012717820306",
"314674963965407833743805156709675694816",
"123565371062780663552410794713854385882",
"57391503140893054227955216109420766774",
"86132806650797244230625574430636758302",
"278704841880665788354169818021123607418",
"219284469782007587561695793049324225692",
"307095686939960316172899472312812135906",
"235114077545000339895509065198274195592",
"214965620099201009827451288022618909696",
"29646457082917571811323226969413066531",
"14255475426597714082154103368130235526",
"73815612838441161995566612132459221762",
"58707827260254026596545689474802882493",
"116307692919685214623230817102768855817",
"247035623126541499776888557133739002117",
"130673203010699857638769989381859875187",
"40747066236643469917341367159427939340",
"226486367396165542066355138200058367895"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43fe1181f738295624696ae9ff611790edb65b5e",
"target": {
"file": "net/netfilter/nft_set_pipapo.c"
}
},
{
"id": "CVE-2025-38162-77d450c2",
"signature_version": "v1",
"digest": {
"length": 1704.0,
"function_hash": "10484616119870373284825762057719111497"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c5c6aa9967dbe55bd017bb509885928d0f31206",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_clone"
}
},
{
"id": "CVE-2025-38162-9015eaa7",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "119102079796331531509802179326443718595"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43fe1181f738295624696ae9ff611790edb65b5e",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_resize"
}
},
{
"id": "CVE-2025-38162-a805098b",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47031443914430254782500187522342161505",
"94128435079666963118118472104797799017",
"96197063171864025831297877754423155906",
"211140172841165065326019271083771083062",
"196705115443594863606435985360731039917",
"98705710866201618642376661765255332622",
"69921373475410849834243898048767327807",
"55880073047885693814584478888407258600",
"297335579387732642326199436133657107612",
"289262110380547681868225714002637579985",
"130476969428518916311882423520725718698",
"177562650002653301947251715891015557936",
"63227164133102120211005063543353742796",
"277566344774314265855952734675290752110",
"168016280425539567883566292713427199507",
"319578041350987847393148730857649731822",
"299749741874453746418075103738115550440",
"175304975000563043959904823288873484477",
"89663411175766884225939955278218241732",
"178100301154543907868248150478054438469",
"222932704118727840880867848546011893547",
"120503928697476429215686218309212796132",
"330097470606212084726960793637149931417",
"334958666871159397746185347012717820306",
"314674963965407833743805156709675694816",
"123565371062780663552410794713854385882",
"57391503140893054227955216109420766774",
"86132806650797244230625574430636758302",
"278704841880665788354169818021123607418",
"219284469782007587561695793049324225692",
"307095686939960316172899472312812135906",
"235114077545000339895509065198274195592",
"214965620099201009827451288022618909696",
"29646457082917571811323226969413066531",
"14255475426597714082154103368130235526",
"73815612838441161995566612132459221762",
"58707827260254026596545689474802882493",
"116307692919685214623230817102768855817",
"247035623126541499776888557133739002117",
"130673203010699857638769989381859875187",
"40747066236643469917341367159427939340",
"226486367396165542066355138200058367895"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1360ac8156c0a3f2385baef91d8d26fd9d39701",
"target": {
"file": "net/netfilter/nft_set_pipapo.c"
}
},
{
"id": "CVE-2025-38162-b277f1fb",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "119102079796331531509802179326443718595"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c5c6aa9967dbe55bd017bb509885928d0f31206",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_resize"
}
},
{
"id": "CVE-2025-38162-b867e2f5",
"signature_version": "v1",
"digest": {
"length": 1243.0,
"function_hash": "282256062669604435482398899737172746480"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43fe1181f738295624696ae9ff611790edb65b5e",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_lt_bits_adjust"
}
},
{
"id": "CVE-2025-38162-c0078ada",
"signature_version": "v1",
"digest": {
"length": 1704.0,
"function_hash": "10484616119870373284825762057719111497"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@43fe1181f738295624696ae9ff611790edb65b5e",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_clone"
}
},
{
"id": "CVE-2025-38162-e7589e8e",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "119102079796331531509802179326443718595"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1360ac8156c0a3f2385baef91d8d26fd9d39701",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_resize"
}
},
{
"id": "CVE-2025-38162-e7dd3301",
"signature_version": "v1",
"digest": {
"length": 1243.0,
"function_hash": "282256062669604435482398899737172746480"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c1360ac8156c0a3f2385baef91d8d26fd9d39701",
"target": {
"file": "net/netfilter/nft_set_pipapo.c",
"function": "pipapo_lt_bits_adjust"
}
},
{
"id": "CVE-2025-38162-f46bfd8d",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47031443914430254782500187522342161505",
"94128435079666963118118472104797799017",
"96197063171864025831297877754423155906",
"211140172841165065326019271083771083062",
"196705115443594863606435985360731039917",
"98705710866201618642376661765255332622",
"69921373475410849834243898048767327807",
"55880073047885693814584478888407258600",
"297335579387732642326199436133657107612",
"289262110380547681868225714002637579985",
"130476969428518916311882423520725718698",
"177562650002653301947251715891015557936",
"63227164133102120211005063543353742796",
"277566344774314265855952734675290752110",
"168016280425539567883566292713427199507",
"319578041350987847393148730857649731822",
"299749741874453746418075103738115550440",
"175304975000563043959904823288873484477",
"89663411175766884225939955278218241732",
"178100301154543907868248150478054438469",
"222932704118727840880867848546011893547",
"120503928697476429215686218309212796132",
"330097470606212084726960793637149931417",
"334958666871159397746185347012717820306",
"314674963965407833743805156709675694816",
"123565371062780663552410794713854385882",
"57391503140893054227955216109420766774",
"86132806650797244230625574430636758302",
"278704841880665788354169818021123607418",
"219284469782007587561695793049324225692",
"307095686939960316172899472312812135906",
"235114077545000339895509065198274195592",
"214965620099201009827451288022618909696",
"29646457082917571811323226969413066531",
"14255475426597714082154103368130235526",
"73815612838441161995566612132459221762",
"58707827260254026596545689474802882493",
"116307692919685214623230817102768855817",
"247035623126541499776888557133739002117",
"130673203010699857638769989381859875187",
"40747066236643469917341367159427939340",
"226486367396165542066355138200058367895"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4c5c6aa9967dbe55bd017bb509885928d0f31206",
"target": {
"file": "net/netfilter/nft_set_pipapo.c"
}
}
]